Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/699efa-94f7-4125-b62f-41569abc37cc/1/azp0uAfBmmVnGohayAng7lNeRlk.roa
File:                     azp0uAfBmmVnGohayAng7lNeRlk.roa (raw, json)
Hash identifier:          d1/7xm3gwIWgDYFDDvnij00O6f13vrUjzAeUxnSELm0=
Subject key identifier:   6B:3A:74:B8:07:C1:9A:65:67:1A:88:5A:C8:09:E0:EE:53:5E:46:59
Certificate issuer:       /CN=d92b8a5ed46ac3046d45014723a0b92facf2a49b
Certificate serial:       018D53DFD194F90D4FF1528D6B2739DC928E
Authority key identifier: D9:2B:8A:5E:D4:6A:C3:04:6D:45:01:47:23:A0:B9:2F:AC:F2:A4:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2SuKXtRqwwRtRQFHI6C5L6zypJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/699efa-94f7-4125-b62f-41569abc37cc/1/azp0uAfBmmVnGohayAng7lNeRlk.roa
Signing time:             Mon 29 Jan 2024 06:19:53 +0000
ROA not before:           Mon 29 Jan 2024 06:19:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213098
IP address blocks:        194.34.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/699efa-94f7-4125-b62f-41569abc37cc/1/2SuKXtRqwwRtRQFHI6C5L6zypJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/699efa-94f7-4125-b62f-41569abc37cc/1/2SuKXtRqwwRtRQFHI6C5L6zypJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2SuKXtRqwwRtRQFHI6C5L6zypJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:53:df:d1:94:f9:0d:4f:f1:52:8d:6b:27:39:dc:92:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d92b8a5ed46ac3046d45014723a0b92facf2a49b
        Validity
            Not Before: Jan 29 06:19:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b3a74b807c19a65671a885ac809e0ee535e4659
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:16:5f:a6:5f:47:28:fc:8d:7d:90:31:c7:26:
                    d7:b1:6d:b6:1b:07:23:0f:37:4b:74:d7:a1:de:72:
                    07:e5:17:7e:2a:6b:f3:97:dd:65:01:81:8e:bb:b6:
                    04:77:9b:bd:43:21:f9:f7:e5:33:e3:42:d6:6b:cf:
                    62:d3:13:87:8d:43:fc:e7:a7:d0:15:9b:26:da:ee:
                    6b:0e:49:6f:59:a3:97:7e:be:f4:68:52:36:22:0c:
                    bd:68:01:1d:81:6e:71:5e:98:7a:47:be:16:eb:4b:
                    9b:85:2f:b1:be:76:af:7f:09:ce:e0:26:90:c9:5a:
                    32:70:ba:24:a0:fd:9c:1d:7c:17:3e:c7:cd:e4:de:
                    5e:cd:8d:88:15:65:54:ff:a7:26:d1:d3:46:00:57:
                    40:f2:8a:e3:5e:85:72:8e:b7:ad:7d:f4:1e:40:5c:
                    3c:b0:19:f2:7d:12:e7:e7:94:0f:cd:0e:09:40:d8:
                    34:8c:fb:a7:cc:19:df:ca:3d:51:33:a4:b5:93:55:
                    ec:47:1d:46:72:5f:a5:4d:02:65:45:c0:a8:a3:49:
                    05:79:1e:5c:bc:26:92:ec:28:a7:3c:f3:11:bd:a4:
                    2c:36:73:be:b4:3d:09:11:44:ca:42:44:2d:b4:af:
                    9f:fc:5e:c3:6a:76:bb:c2:95:3a:df:fb:db:3a:d7:
                    82:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:3A:74:B8:07:C1:9A:65:67:1A:88:5A:C8:09:E0:EE:53:5E:46:59
            X509v3 Authority Key Identifier:
                keyid:D9:2B:8A:5E:D4:6A:C3:04:6D:45:01:47:23:A0:B9:2F:AC:F2:A4:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2SuKXtRqwwRtRQFHI6C5L6zypJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/699efa-94f7-4125-b62f-41569abc37cc/1/azp0uAfBmmVnGohayAng7lNeRlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/699efa-94f7-4125-b62f-41569abc37cc/1/2SuKXtRqwwRtRQFHI6C5L6zypJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:99:28:c0:d5:3a:cd:37:60:f7:50:f0:98:78:e9:18:5f:80:
         1b:9c:9b:d3:37:86:74:82:d7:06:ce:30:d6:05:4e:72:12:30:
         a4:78:1b:a0:07:01:89:3e:e6:a2:40:fa:44:4e:df:c7:d0:d1:
         f0:96:97:eb:d9:cc:96:82:be:af:2d:21:8d:77:25:19:5f:1d:
         bc:2d:a0:95:da:c6:c1:e0:af:53:49:3a:f5:9f:b1:ba:f2:30:
         43:98:30:b5:df:47:f9:ea:c4:5b:6f:96:5a:78:b4:a1:28:71:
         da:15:c6:e4:1c:ac:e9:fb:19:89:8b:6a:d4:cb:ca:a0:32:44:
         dc:32:d8:34:85:c6:52:92:3f:91:73:a0:36:88:39:93:c2:f6:
         08:ea:3a:db:cf:76:77:99:9b:12:2b:93:c7:a9:ae:5d:33:43:
         8b:b2:b4:8b:30:6b:8b:d9:4e:76:23:3d:1e:20:f7:d8:a1:7b:
         d6:c2:e8:37:e2:a6:3f:9f:e9:2e:35:de:6b:a3:11:43:30:5b:
         8b:b7:35:82:47:a5:28:32:7e:67:cc:27:75:3c:1f:2b:36:d3:
         76:20:7b:83:fd:32:a3:9c:ad:c0:fb:78:b9:b5:7e:bd:ea:ad:
         95:db:ae:f7:00:4b:b4:0c:07:7f:3d:05:40:72:8c:90:a2:a6:
         ae:b6:3c:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1T39GU+Q1P8VKNayc53JKOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MmI4YTVlZDQ2YWMzMDQ2ZDQ1MDE0NzIzYTBiOTJmYWNm
MmE0OWIwHhcNMjQwMTI5MDYxOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjNhNzRiODA3YzE5YTY1NjcxYTg4NWFjODA5ZTBlZTUzNWU0NjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxZfpl9HKPyNfZAxxybXsW22Gwcj
DzdLdNeh3nIH5Rd+Kmvzl91lAYGOu7YEd5u9QyH59+Uz40LWa89i0xOHjUP856fQ
FZsm2u5rDklvWaOXfr70aFI2Igy9aAEdgW5xXph6R74W60ubhS+xvnavfwnO4CaQ
yVoycLokoP2cHXwXPsfN5N5ezY2IFWVU/6cm0dNGAFdA8orjXoVyjretffQeQFw8
sBnyfRLn55QPzQ4JQNg0jPunzBnfyj1RM6S1k1XsRx1Gcl+lTQJlRcCoo0kFeR5c
vCaS7CinPPMRvaQsNnO+tD0JEUTKQkQttK+f/F7Dana7wpU63/vbOteCrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGs6dLgHwZplZxqIWsgJ4O5TXkZZMB8GA1UdIwQY
MBaAFNkril7UasMEbUUBRyOguS+s8qSbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlN1S1h0UnF3d1J0UlFGSEk2QzVMNnp5cEpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS82OTllZmEtOTRmNy00MTI1LWI2MmYt
NDE1NjlhYmMzN2NjLzEvYXpwMHVBZkJtbVZuR29oYXlBbmc3bE5lUmxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS82OTllZmEtOTRmNy00MTI1LWI2MmYtNDE1NjlhYmMzN2Nj
LzEvMlN1S1h0UnF3d1J0UlFGSEk2QzVMNnp5cEpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiILMA0G
CSqGSIb3DQEBCwUAA4IBAQAnmSjA1TrNN2D3UPCYeOkYX4AbnJvTN4Z0gtcGzjDW
BU5yEjCkeBugBwGJPuaiQPpETt/H0NHwlpfr2cyWgr6vLSGNdyUZXx28LaCV2sbB
4K9TSTr1n7G68jBDmDC130f56sRbb5ZaeLShKHHaFcbkHKzp+xmJi2rUy8qgMkTc
Mtg0hcZSkj+Rc6A2iDmTwvYI6jrbz3Z3mZsSK5PHqa5dM0OLsrSLMGuL2U52Iz0e
IPfYoXvWwug34qY/n+kuNd5roxFDMFuLtzWCR6UoMn5nzCd1PB8rNtN2IHuD/TKj
nK3A+3i5tX696q2V2673AEu0DAd/PQVAcoyQoqautjz8
-----END CERTIFICATE-----